Separate metadata from payload
RFC 2397 defines a data URL as data:, optional media type and parameters, an optional ;base64 marker, a comma, and the payload. Without ;base64, the payload uses URL percent-encoding instead. This page handles both forms and reports each part separately.
If no media type is supplied, the default is text/plain. A charset parameter describes text decoding but does not make arbitrary binary safe to display as text.
Preview only in an appropriate context
Images and plain text receive a local preview. HTML, SVG, XML, scripts, and unknown binary are not executed in the page; they are shown as text when appropriate or offered as a download. This avoids turning a decoder into an active-content launcher.
Data URLs inherit the security concerns of the media type they carry. They can also be extremely long and difficult to inspect in logs, HTML, and browser history.
Common failures this tool explains
- The data: prefix or comma separator is missing.
- The ;base64 marker is present but the payload is not valid Base64.
- A percent escape is incomplete or contains non-hexadecimal digits.
- The declared MIME type encourages a preview that would execute active content.
Equivalent commands
Use the runtime or shell already available in your workflow. Validate untrusted input and keep binary output out of terminals when it may contain control bytes.
Python
from urllib.parse import unquote_to_bytes
header, payload = data_url.split(',', 1)
raw = base64.b64decode(payload) if ';base64' in header else unquote_to_bytes(payload)
JavaScript
const response = await fetch(dataUrl);
const blob = await response.blob();
console.log(blob.type, blob.size);
Shell
payload=${DATA_URL#*,}
printf '%s' "$payload" | base64 --decode > decoded.bin